[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue May 22 22:30:21 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f93bff7f by Moritz Muehlenhoff at 2018-05-22T23:30:01+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -58,21 +58,21 @@ CVE-2018-11375 (The _inst__lds() function in radare2 2.5.0 allows remote attacke
 CVE-2018-11374
 	RESERVED
 CVE-2018-11373 (iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" ...)
-	TODO: check
+	NOT-FOR-US: iScripts eSwap
 CVE-2018-11372 (iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User ...)
-	TODO: check
+	NOT-FOR-US: iScripts eSwap
 CVE-2018-11371 (SkyCaiji 1.2 allows CSRF to add an Administrator user. ...)
-	TODO: check
+	NOT-FOR-US: SkyCaiji
 CVE-2018-11370
 	RESERVED
 CVE-2018-11369 (An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection ...)
-	TODO: check
+	NOT-FOR-US: PbootCMS
 CVE-2018-11368
 	RESERVED
 CVE-2018-11367 (An issue was discovered in CppCMS before 1.2.1. There is a denial of ...)
-	TODO: check
+	NOT-FOR-US: CppCMS
 CVE-2018-11366 (init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2018-11365 (sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an ...)
 	- r-cran-haven <unfixed> (low)
 CVE-2018-11364 (sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in ...)
@@ -146,23 +146,23 @@ CVE-2018-11331 (An issue was discovered in Pluck before 4.7.6. Remote PHP code .
 CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is authenticated ...)
 	NOT-FOR-US: Pluck CMS
 CVE-2018-11329 (The DrugDealer function of a smart contract implementation for Ether ...)
-	TODO: check
+	NOT-FOR-US: DrugDealer smart contractz
 CVE-2018-11328 (An issue was discovered in Joomla! Core before 3.8.8. Under specific ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-11327 (An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-11326 (An issue was discovered in Joomla! Core before 3.8.8. Inadequate input ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-11325 (An issue was discovered in Joomla! Core before 3.8.8. The web install ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-11324 (An issue was discovered in Joomla! Core before 3.8.8. A long running ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-11323 (An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-11322 (An issue was discovered in Joomla! Core before 3.8.8. Depending on the ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-11321 (An issue was discovered in com_fields in Joomla! Core before 3.8.8. ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-11320 (In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are ...)
 	NOT-FOR-US: Octopus Deploy
 CVE-2018-1000181
@@ -718,7 +718,7 @@ CVE-2018-11095 (The decompileJUMP function in decompile.c in libming through 0.4
 CVE-2018-11094 (An issue was discovered on Intelbras NCLOUD 300 1.0 devices. ...)
 	NOT-FOR-US: Intelbras NCLOUD
 CVE-2018-11093 (Cross-site scripting (XSS) vulnerability in the Link package for ...)
-	TODO: check
+	NOT-FOR-US: CKeditor addon
 CVE-2018-11092 (An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF ...)
 	NOT-FOR-US: Admin Notes plugin for MyBB
 CVE-2018-11091 (An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file ...)
@@ -11334,9 +11334,9 @@ CVE-2018-6965
 CVE-2018-6964
 	RESERVED
 CVE-2018-6963 (VMware Workstation (14.x before 14.1.2) and Fusion (10.x before ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2018-6962 (VMware Fusion (10.x before 10.1.2) contains a signature bypass ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2018-6961
 	RESERVED
 CVE-2018-6960 (VMware Horizon DaaS (7.x before 8.0.0) contains a broken ...)
@@ -12808,11 +12808,11 @@ CVE-2018-6496
 CVE-2018-6495
 	RESERVED
 CVE-2018-6494 (Remote SQL Injection against the HP Service Manager Software Web Tier, ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2018-6493 (SQL Injection in HP Network Operations Management Ultimate, version ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2018-6492 (Persistent Cross-Site Scripting, and non-persistent HTML Injection in ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2018-6491 (Local Escalation of Privilege vulnerability to Micro Focus Universal ...)
 	NOT-FOR-US: Micro Focus Universal CMDB
 CVE-2018-6490 (Denial of Service vulnerability in Micro Focus Operations ...)
@@ -13160,7 +13160,7 @@ CVE-2018-6380 (In Joomla! before 3.8.4, lack of escaping in the module chromes l
 CVE-2018-6379 (In Joomla! before 3.8.4, inadequate input filtering in the Uri class ...)
 	NOT-FOR-US: Joomla!
 CVE-2018-6378 (In Joomla! Core before 3.8.8, inadequate filtering of file and folder ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2018-6377 (In Joomla! before 3.8.4, inadequate input filtering in com_fields leads ...)
 	NOT-FOR-US: Joomla!
 CVE-2018-6376 (In Joomla! before 3.8.4, the lack of type casting of a variable in a ...)
@@ -26034,7 +26034,7 @@ CVE-2018-1585
 CVE-2018-1584
 	RESERVED
 CVE-2018-1583 (IBM StoredIQ 7.6 could allow an authenticated attacker to bypass ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2018-1582
 	RESERVED
 CVE-2018-1581
@@ -114623,7 +114623,7 @@ CVE-2015-8096 (Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248
 CVE-2015-8095 (The recycle bin feature in the Monster Menus module 7.x-1.21 before ...)
 	NOT-FOR-US: Monster Menus module for Drupal
 CVE-2015-8094 (Open redirect vulnerability in Cloudera HUE before 3.10.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Cloudera HUE
 CVE-2015-8093
 	RESERVED
 CVE-2015-8092



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f93bff7f74900543af27a52bc8a3ecc03f92ff2a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f93bff7f74900543af27a52bc8a3ecc03f92ff2a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180522/d508005f/attachment.html>

More information about the debian-security-tracker-commits mailing list